Thursday, January 25, 2007

Leaking Information

Tuesday earlier this week, I gave a presentation on the topic of Comparing Information Without Leaking It.  This is a class of problems in which two parties are interested in ensuring they both know some secret so they can then safely talk about it.  Wouter Teepe wrote his Ph.D. Thesis on an extension of this problem, and has a number of excellent ideas as to where, potentially, algorithms which solve this class of problems might be used.  A particularly memorable one concerned the recent EU - USA spate about air passenger data.  The EU wants to avoid leaking it, and the US wants to compare it to their terror lists.  Well, that's just an instance of Comparing Information Without Leaking It, so using existing algorithms that can be achieved - technically.  I'm not holding my breath on the politics however, especially, as I suspect, the US is actually just as interested in data mining this information (and using it for a variety of not entirely noble causes), as it is in identifying known suspects.  Of course, data mining isn't a perfect science for finding terrorists...

In any case, I've been casually considering various other information leaks as a result.  Here's an irritating one I can't fix easily:  PicasaWeb uses your Google username as an element of your web album URL.  For example, a recently uploaded Panorama is at http://picasaweb.google.com/eamon.nerbonne/Panoramas.  I can't easily change that URL (and certainly not after posting links to it everywhere), and the only options you can change it too are other google usernames you have.  Well, that's great, but those also coincide with your gmail google address.  In conclusion, I'm looking forward to more spam promptly; because it's trivial to harvest picasaweb of valid gmail addresses now.

posted by Eamon Nerbonne @ 4:51 PM   4 Comments

4 Comments:

At 25 January, 2007 17:59 , Blogger Mark IJbema said...

And you thought that was a bad case of leakage? Try google leaking credentials with their antiphishing features...

 
At 25 January, 2007 19:06 , Blogger Eamon Nerbonne said...

Although the credential leak is pretty blatant, it was restricted to a very small number of specific credentials; and it's an almost unavoidable symptom of a site being phished. Furthermore; these people were notified quickly thereafter, and it's an error you can try to avoid.

Frankly, if your data has reached an anti-phishing list, you already have a huge problem.

The picasaweb issue is nasty not because of its individual impact, but because it's widespread (most picasaweb users will be gmail users), and because it's a design flaw - it can no longer be fixed (easily)! So yeah, I think that this issue is more relevant than two or three (it really was a small number) credentials appearing on the list; not that the credential leak isn't ironic, it's just a ephemeral thing, that's all.

 
At 20 April, 2007 10:59 , Blogger Nicolaas said...

Maybe google uses the picasa web album users to upgrade their spam filters for gmail.

 
At 20 April, 2007 14:52 , Blogger Eamon Nerbonne said...

Ahh... It's a feature ;-)

 

Post a Comment

Subscribe to Post Comments [Atom]

<< Home